Open Web Application Security Project Releases CISO Survey Report

The Open Web Application Security Project (OWASP) has just releases the results of a Survey of global CISOs. Their report provides helpful perspectives for two interrelated communities: 1) CISOs who will find the report provides context that can help them better manage application security risks, and 2) Developers, who will find this report underscores the importance of application security.

OWASP is an international organization and an open community dedicated to helping organizations conceive, develop, acquire, operate and maintain applications that can be trusted. All OWASP tools, documents, forums and chapters and free and open to anyone interested in improving application security.

The report is well written and succinct enough for us to recommend you download it and read it all yourself. Do so here. It is also in total consonance with the recently released OWASP Application Security Guide for CISO’s, which can be downloaded here.

The survey of global CISOs highlights several interesting conclusions including:

Application security risks are clearly on the rise, in absolute numbers and also relative to infrastructure security risks.

Risks from external threats are clearly increasing for organizations.

Security awareness and training is the biggest challenge and most important priority for CISOs going forward into 2014 (more critical than tools, testing or budget).

As we hear from a number of CISOs about difficulties acquiring an adequate budget, it appears that having a 2-year security strategy improves your chances for getting or increasing your security budget/investments.

Only about one fourth of organizations currently have some form of application security management system or maturity model. But over 40% are looking at this for the coming 12 months. So there might be a lot of activity in this area in the near future, and we hope one of our OWASP projects, openSAMM (Open Software Assurance Maturity Model), can help executives with that.